
CVE-2023-34830 PoC — i-doit Open Cross-Site Scripting Vulnerability

Source
Associated Vulnerability
Title: i-doit Open Cross-Site Scripting Vulnerability (CVE-2023-34830)
Description: i-doit is configuration management database software from the company i-doit. i-doit Open v24 contains a cross-site scripting vulnerability: the timeout parameter on the login page is subject to reflected cross-site scripting (XSS).
Readme
# CVE-2023-34830 - Reflected XSS found in i-doit Open v24 and below


i-doit Open v24 and below are vulnerable to a reflected XSS vulnerability. It could allow remote authenticated attackers to inject arbitrary web script or HTML.

Description of product: i-doit is a web-based open source IT documentation and CMDB (Configuration Management Database) tool developed by synetics GmbH.


Description of vulnerability: We found that this web application allows any authenticated user to inject arbitrary web script or HTML through the affected parameter.


Affected webpage: main login page

Affected parameter & component: ?timeout

Step 1: Append ?timeout to the main login page URL. The screenshot below shows the error message displayed once the ?timeout parameter is present.

![image](https://github.com/leekenghwa/CVE-2023-34830---Reflected-XSS-found-in-I-doit-Open-v24-and-below/assets/45155253/fbbb3cf9-17b4-4c04-a397-c9e6ec2d2226)


Step 2: Place the XSS payload in the ?timeout parameter, then log in with valid credentials. Because this is a reflected XSS, the payload is rendered only after the login succeeds.

Payload used: a19yc%22%3e%3cscript%3ealert(%22THIS%20IS%20XSS%20FROM%20BB%22)%3c%2fscript%3emjf9oc2183m

Note: it may take two or three attempts to trigger the payload, so simply retry if the first login does not fire it.

![image](https://github.com/leekenghwa/CVE-2023-34830---Reflected-XSS-found-in-I-doit-Open-v24-and-below/assets/45155253/bacd02d7-b9db-431c-a9a7-2033f9ac6986)


![image](https://github.com/leekenghwa/CVE-2023-34830---Reflected-XSS-found-in-I-doit-Open-v24-and-below/assets/45155253/dcf38834-02ec-49a3-8168-b2979485bd9d)
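The steps above show the parameter being reflected unencoded. As an added defensive illustration (not code from this advisory or from i-doit), the block below scans constructed access-log lines, one of which carries the advisory's payload, for `timeout` values containing HTML-significant characters, and contrasts a hypothetical raw-reflection notice with its HTML-encoded fix. The log format, the `/index.php` path and `render_timeout_notice` are assumptions, not i-doit's real template.

```python
import re
from html import escape
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed access-log lines (not real traffic). Line 2 carries the
# URL-encoded payload quoted in the advisory; line 3 is the bare ?timeout
# from Step 1, which produces the error message but is not an attack.
SAMPLE_LOG = """\
203.0.113.5 - - [01/Jul/2023:10:00:01 +0000] "GET /index.php?timeout=1 HTTP/1.1" 200 512
203.0.113.9 - - [01/Jul/2023:10:00:07 +0000] "GET /index.php?timeout=a19yc%22%3e%3cscript%3ealert(%22THIS%20IS%20XSS%20FROM%20BB%22)%3c%2fscript%3emjf9oc2183m HTTP/1.1" 200 512
203.0.113.5 - - [01/Jul/2023:10:00:12 +0000] "GET /index.php?timeout HTTP/1.1" 200 512
"""

REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/')
HTML_META = set('<>"\'&')


def timeout_values(log_text):
    """Yield (client_ip, timeout value) for every request carrying ?timeout."""
    for line in log_text.splitlines():
        m = REQUEST_RE.search(line)
        if not m:
            continue
        # parse_qs percent-decodes once; keep_blank_values keeps the bare ?timeout
        qs = parse_qs(urlsplit(m.group("target")).query, keep_blank_values=True)
        for value in qs.get("timeout", []):
            yield line.split(" ", 1)[0], value


def is_suspicious_timeout(value):
    """True when the value, decoded once more to defeat double encoding,
    contains HTML-significant characters. A real timeout is a bare integer."""
    return any(ch in HTML_META for ch in unquote(value))


def flag_requests(log_text):
    """Return the (ip, decoded value) pairs that should raise an alert."""
    return [(ip, v) for ip, v in timeout_values(log_text) if is_suspicious_timeout(v)]


def render_timeout_notice(timeout, escape_output=True):
    """Hypothetical login-page notice that reflects the parameter (assumption:
    i-doit's real template is not shown here). escape_output=False reproduces
    the vulnerable raw reflection; True is the fix: HTML-encode before output."""
    shown = escape(timeout, quote=True) if escape_output else timeout
    return f'<div class="notice">Session timed out after {shown}</div>'
```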


PS: The vendor has acknowledged the issue and will release the fix in i-doit Open 25. Surprisingly, I only received the notification for i-doit Pro 25.




File Snapshot

[4.0K] /data/pocs/078eb901f09adb7c1ddecd362a7e363339cc9846 └── [1.7K] README.md 0 directories, 1 file